The Version 6 CLI: Getting Started

In the entry on Directory Service Control Center: Getting Started, I showed you how to use Directory Service Control Center to create a first instance of Directory Server. This entry demonstrates how to create an instance on the command line.

Directory Server Enterprise Edition 6.0 brings you a powerful, high-level command line for both Directory Server and Directory Proxy Server. Although you may still want to use the ldapmodify command to update some configuration parameters, you rarely have to do so.

Instead, you have two similarly named commands for each server. For Directory Server, you have dsadm and dsconf. For Directory Proxy Server, dpadm and dpconf. Why two separate commands for each server? Because you administer a server process locally, but you can configure a running server process remotely. The dsadm and dpadm commands administer local servers at the system level (create an instance, start/stop, etc.). The dsconf and dpconf commands configure servers over LDAP (managing replication, creating new indexes, adjusting log levels, etc.).

When setting up Directory Server by hand, the first command you use after installing Directory Server is no doubt dsadm create. This command creates a Directory Server instance in a directory you specify, meaning that the command creates the basic configuration files you need to start a Directory Server process that can respond to LDAP requests. For example, you can create your new server under /local/ds with the default ports by using the following command.

$ dsadm create /local/ds
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use 'dsadm start /local/ds' to start the instance

So far so good. If you list the files under /local/ds, you find everything you need to run a Directory Server process, though the database directory is completely empty. After all, there is no directory data to store, yet.

The next command to use is just what the first command suggested: dsadm start /local/ds. This command starts the Directory Server process with the configuration information under /local/ds.

$ dsadm start /local/ds
Server started: pid=2845

Notice you do not see the port numbers in the output. How do you know where to contact the server over LDAP? When you create the server as root, you can directly manage ports less than 1024, so the server is created to listen for LDAP connections on the standard ports. That is, 389 for LDAP and 636 for LDAP secured with SSL. If you are a normal, non-root user, as in this example, just add 1000 to the standard port numbers. So our default port numbers in this example are 1389 for LDAP, 1636 for LDAP secured with SSL.

A server that has no data to serve is useless. So add some sample data. Directory Server ships with ready-made sample data in LDIF, install-path/ds6/ldif/Example.ldif. The install-path depends on how you installed the software. If you installed using the Java ES installer, install-path is /opt/SUNWdsee on Solaris systems, /opt/sun on Red Hat and HP-UX systems, and C:\Program Files\Sun\JavaES5\DSEE on Windows systems. If you have been following along on the command line up to this point, then you have already found it in order to get to install-path/ds6/dsadm.

The following commands create a suffix, officially known as a naming context and to be understood as a directory data container, to hold sample data, and then import sample data online. (When you are ready to attack performance tuning, you can build your own sample data with the makeldif command.)

$ dsconf create-suffix -h localhost -p 1389 dc=example,dc=com
Certificate "CN=hostname, CN=1636, CN=Directory Server, O=Sun Microsystems"
 presented by the server is not trusted.
Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: Y
Enter "cn=Directory Manager" password:
$ dsconf import -h localhost -p 1389 install-path/ds6/ldif/Example.ldif dc=example,dc=com
Enter "cn=Directory Manager" password:
New data will override existing data of the suffix "dc=example,dc=com".
Initialization will have to be performed on replicated suffixes.
Do you want to continue [y/n] ?  y
## Index buffering enabled with bucket size 40
## Beginning import job...
## Processing file "install-path/ds6/ldif/Example.ldif"
## Finished scanning file "install-path/ds6/ldif/Example.ldif" (160 entries)
## Workers finished; cleaning up...
## Workers cleaned up.
## Cleaning up producer thread...
## Indexing complete.
## Starting numsubordinates attribute generation.
 This may take a while, please wait for further activity reports.
## Numsubordinates attribute generation complete. Flushing caches...
## Closing files...
## Import complete.  Processed 160 entries in 4 seconds. (40.00 entries/sec)

Task completed (slapd exit code: 0).

Notice that the new server comes with a default, self-signed SSL certificate, so you can do secure communication for configuration out of the box. You will probably want to do production SSL authentication with a certificate from your certificate authority, but the self-signed cert is handy when you are starting out.
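Before answering "Y" at the trust prompt shown above, you can compare the fingerprint of the certificate the server presents with the fingerprint of a copy you already trust. The script below is an added example, not part of the original entry or of the product. It assumes openssl is installed and that you have a PEM copy of the instance certificate obtained on the server host; the function names and the file path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original entry): check the certificate a
# Directory Server instance presents against a copy you already trust,
# before accepting it permanently at the dsconf prompt.
# Assumptions: openssl is installed; function names and the reference PEM
# file are hypothetical; 1636 is the LDAPS port used in this entry.

# Reduce a fingerprint to bare upper-case hex: drop any "...Fingerprint="
# label, colons and spaces, so differently formatted values compare equal.
fp_norm() {
    printf '%s\n' "$1" | sed 's/^.*=//' | tr -d ': ' | tr 'a-f' 'A-F'
}

# True only for exactly 64 hex digits, i.e. a well-formed SHA-256 value.
is_sha256() {
    _v=$(fp_norm "$1")
    [ "${#_v}" -eq 64 ] || return 1
    case $_v in *[!0-9A-F]*) return 1 ;; esac
    return 0
}

# True when both values are well-formed and identical. An empty or
# truncated value (for example from a failed connection) never matches.
fp_match() {
    is_sha256 "$1" && is_sha256 "$2" && [ "$(fp_norm "$1")" = "$(fp_norm "$2")" ]
}

# SHA-256 fingerprint of the trusted PEM copy of the certificate.
reference_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# SHA-256 fingerprint of the certificate presented on host:port over SSL.
presented_fp() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# Usage: sh checkcert.sh localhost 1636 /path/to/trusted-copy.pem
if [ "$#" -eq 3 ]; then
    if fp_match "$(presented_fp "$1" "$2")" "$(reference_fp "$3")"; then
        echo "match: certificate on $1:$2 is the one you expected"
    else
        echo "MISMATCH or no certificate: do not accept" >&2
        exit 1
    fi
fi
```

Run without arguments, the script only defines the functions; the comparison deliberately fails closed when either fingerprint is missing or malformed.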

Notice also that you have switched to using the dsconf command at this point. With a running server, you can start doing commands over LDAP. You could therefore also be running the dsconf command from another system if you so desired, though the LDIF to import would still have to be accessible on the file system of the host running the server.

Now you have your server running, complete with sample data under dc=example,dc=com, listening on ports 1389 and 1636. Take a look at Babs Jensen's entry to make sure.

$ ldapsearch -h localhost -p 1389 -b dc=example,dc=com "(uid=bjensen)"
version: 1
dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenName: Barbara
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
telephoneNumber: +1 408 555 1862
facsimileTelephoneNumber: +1 408 555 1992
roomNumber: 0209

Setting up Directory Proxy Server is quite similar to setting up Directory Server. You will find the basics right in the Installation chapter of the Installation Guide.


Why does my JES Solaris installation provide only dscfg and dpcfg commands, no dsconf and no dpconf?

Posted by Grzemba on May 22, 2007 at 05:10 AM CEST #


Mark Craig writes about Directory Services products and technologies. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

